19 January 2007, 19:51

Denail-of-Service problem in Bitdefender's enterprise scanners

Bitdefender has closed a format string vulnerability in its virus scanners for enterprise networks. Attackers were at least able to exploit this vulnerability for denial of service attacks. The vulnerability affects version 8.02 of BitDefender's Client Professional Plus. The vendor is distributing a remedied version of the software via the automatic update service.

The flaw is a format string vulnerability in the routines that create log files of the virus scanner's searches. Attackers could use specially prepared information in the scan settings to read and write arbitrary areas of the memory, causing the scanner to crash at the very least. Administrators of BitsDefender solutions are advised to update their software immediately if this has not already happened automatically.

Also see:

BitDefender Client 8.02 Format String Vulnerability, security advisory from Layered Defense Research at Full Disclosure
Format string vulnerability, Bitdefender's security advisory

(ehe)

« previous | next »

Print version | Send by email

Share this article

Denail-of-Service problem in Bitdefender's enterprise scanners

Internet Toolkit

SSL for free - step by step

Testing email with encryption

Shortened-breaks

The H Security Conficker information site

Tracking down malware

Health Check: Mandriva

Kernel Log: Linux 2.6.34 goes into testing

The H Update Check

Happenings: FOSS at CeBIT 2010

Of Android and the Fear of Fragmentation

Kernel Log: Stable kernels analysed, Linux without firmware, new graphics drivers

What's new in Linux 2.6.33

Health Check: FreeBSD - "The unknown giant"

New life for dead software

Price Insight Top 10

The H

The H open source

The H Security

The H Internet Toolkit